2 macs and a linux on a LAN
John F. Kohler
jkohler2 at earthlink.net
Fri Aug 4 23:06:44 PDT 2000
> On Fri, 4 Aug 2000, John F. Kohler wrote:
> > Fortunately, I have found that both Macintosh computers, behind the linksys
> > are protected by a firewall. There is a website that will probe your system:
> > http://www.grc.com
> > When I was on the modem with the linux box, I found several ports are
> > vulnerable.
> > The Macs, on the other hand, took a long time to test, but the report was
> > that they were invisible.
> > I don't know how a firewall works, but what it does, apparently is keep
> > hackers out of your system, particularly important if you are not on
> > occasional dial-up but constantly connected to a static IP address such as
> > I have on my DSL service.
> Though there is not a great deal of risk for a home user using a
> "firewall-in-a-box" for the most part, they do not *keep* hackers out of
> your system. A firewall is kind of like a set of policies, or rules. (This
> is actually a good general parallel.) In real-life, we create laws to
> "stop" people from doing things the government does not like, and even if
> we assume they follow the law, loopholes are found, and exploited by those
> that can. (Look at the IRS, and the tax loopholes that are found and
> exploited each year by those that are talented.)
Thanks for the metaphor. It helped a lot.
> Firewalls increase the level of complexity for attacks, but do not assume
> that the firewall's protection is absolute. Your firewall would probably
> not protect you against a trojaned file sent to you via e-mail as an
> attachment etc, that used a MSOE auto-execute on open VBS to
> download/install something like a modified Back Orifice that creates an
> outgoing connection request to a remote machine to advertise its
> willingness to be "owned". (Hey, it seems far fetched, but all of the
> pieces are there...)
I guess the writers of attack-code can be very ingenious.
> The place you went to "click here to test your firewall" is probably just
> a plain vanilla port scanner. Many funky things can be done with packet
> fragmentation, odd offsets, and taking advantage of ICMP error messages
> for malformed headers to certain IP addresses to scan for machines to
> fingerprint through a firewall. I bet that packets with a source port of
> 53 (DNS) connections pass right through your firewall - no questions
Then there are numerous ports to my system and only some of them are protected.
> Part of a firewall is kind of a special filter that uses packet information
> to deny incoming requests based on your policies. An understanding of some
> of the links sent in the last e-mail can help you better inform yourself
> on what your firewall can protect you from, and what it cannot do anything
I saved the links as bookmarks and will refer to them frequently.
> Again, most home users have little risk of people going through the
> trouble to learn so much to "root" your home computer. Those that know
> this and are willing to use it, tend to hit high profile targets.
> Home users have greater risk of the new MSIE beta crashing their machine,
> or virus infections, or their anti-virus software crashing their machine
> than they do of their "firewall-in-a-box" being pierced, but learning
> about this stuff can be good for you - like broccoli. :-)
I eat organic broccoli, often raw, for its nutritional value, spinach, too.
> > Does that mean that I can build on what I already know and none of
> > it becomes obsolete as new revisions of an OS appear?
> For the most part, the command line tools will not change much at all.
> Those nifty GUI control panels, and gee-whiz-bang config/setup tools will
> undoubtedly change. This is why I suggest spending more time learning the
> concepts, and command line tools when you can. These command line tools
> and concepts are very close between distros, but the fancy GUIs can be
> vastly different.
I must admit a certain addiction to nifty GUI control panels with 10 years of
playing in the Macintosh fields.
> For the most part, route, ifconfig, tar, cat, man etc work just as they
> did in the earliest slackware releases, but the window managers have come
> a long way since fvwm.
This exercise, itself, has given me good experience with ifconfig, lsmod, insmod.
I need more time with route.
Thanks for your comments.
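
Added example, not part of the original message or thread: the quoted point about source port 53, modelled in Python as a stateless rule beside a stateful filter that admits only replies to recorded outbound queries. The packet model, the addresses (documentation ranges), the port numbers and all function names are assumptions made for illustration and do not describe any particular firewall product.

```python
from collections import namedtuple

# Constructed packet model; addresses come from the RFC 5737 documentation ranges.
Packet = namedtuple("Packet", "proto src sport dst dport")

LAN_HOST = "192.0.2.10"      # assumed host behind the firewall
RESOLVER = "198.51.100.53"   # assumed DNS server that host queries


def stateless_allow_inbound(pkt):
    """Weak rule: trust any inbound packet whose source port is 53."""
    return pkt.sport == 53


class StatefulFilter:
    """Admit an inbound packet only as the reply to a recorded outbound flow."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Store the tuple the legitimate reply must carry (source and
        # destination swapped relative to the outbound packet).
        self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def allow_inbound(self, pkt):
        return tuple(pkt) in self.flows


def evaluate(inbound):
    """Return {label: (stateless verdict, stateful verdict)} per packet."""
    fw = StatefulFilter()
    # The inside host sends one DNS query before any inbound traffic arrives.
    fw.outbound(Packet("udp", LAN_HOST, 40000, RESOLVER, 53))
    return {label: (stateless_allow_inbound(p), fw.allow_inbound(p))
            for label, p in inbound.items()}


# Constructed inbound traffic: one real reply, two unsolicited packets.
SAMPLE_INBOUND = {
    "dns_reply": Packet("udp", RESOLVER, 53, LAN_HOST, 40000),
    "unsolicited_from_53": Packet("tcp", "203.0.113.7", 53, LAN_HOST, 6000),
    "unsolicited_other": Packet("tcp", "203.0.113.7", 31000, LAN_HOST, 6000),
}

if __name__ == "__main__":
    for label, verdicts in evaluate(SAMPLE_INBOUND).items():
        print(label, "stateless=%s stateful=%s" % verdicts)
```

The stateless rule lets the second packet in solely because of its source port, while the stateful filter drops it because no inside host ever opened that flow.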